diff --git a/script/integration/containerd/entrypoint.sh b/script/integration/containerd/entrypoint.sh
index 0482da65f..a606255c7 100755
--- a/script/integration/containerd/entrypoint.sh
+++ b/script/integration/containerd/entrypoint.sh
@@ -266,7 +266,9 @@ fi
 echo "Preparing images..."
 copy ghcr.io/stargz-containers/ubuntu:22.04-org "${REGISTRY_HOST}/ubuntu:22.04"
 copy ghcr.io/stargz-containers/alpine:3.15.3-org "${REGISTRY_HOST}/alpine:3.15.3"
-stargzify "${REGISTRY_HOST}/ubuntu:22.04" "${REGISTRY_HOST}/ubuntu:sgz"
+# nerctl v2 stores creds info with explicit port information. We need to add port in the image name
+# so that ggcr can authenticate.
+stargzify "${REGISTRY_HOST}:443/ubuntu:22.04" "${REGISTRY_HOST}:443/ubuntu:sgz"
 optimize "${REGISTRY_HOST}/ubuntu:22.04" "${REGISTRY_HOST}/ubuntu:esgz" "false"
 optimize "${REGISTRY_HOST}/ubuntu:22.04" "${REGISTRY_HOST}/ubuntu:zstdchunked" "false" --zstdchunked
 optimize "${REGISTRY_HOST}/alpine:3.15.3" "${REGISTRY_HOST}/alpine:esgz" "false"
diff --git a/script/optimize/optimize/entrypoint.sh b/script/optimize/optimize/entrypoint.sh
index 25be8ec0c..2f382d318 100755
--- a/script/optimize/optimize/entrypoint.sh
+++ b/script/optimize/optimize/entrypoint.sh
@@ -20,8 +20,10 @@ REGISTRY_HOST=registry-optimize.test
 DUMMYUSER=dummyuser
 DUMMYPASS=dummypass
 ORG_IMAGE_TAG="${REGISTRY_HOST}/test/test:org$(date '+%M%S')"
-OPT_IMAGE_TAG="${REGISTRY_HOST}/test/test:opt$(date '+%M%S')"
-NOOPT_IMAGE_TAG="${REGISTRY_HOST}/test/test:noopt$(date '+%M%S')"
+OPT_IMAGE_NAME="test:opt$(date '+%M%S')"
+NOOPT_IMAGE_NAME="test:noopt$(date '+%M%S')"
+OPT_IMAGE_TAG="${REGISTRY_HOST}/test/${OPT_IMAGE_NAME}"
+NOOPT_IMAGE_TAG="${REGISTRY_HOST}/test/${NOOPT_IMAGE_NAME}"
 TOC_JSON_DIGEST_ANNOTATION="containerd.io/snapshot/stargz/toc.digest"
 UNCOMPRESSED_SIZE_ANNOTATION="io.containers.estargz.uncompressed-size"
 REMOTE_SNAPSHOTTER_SOCKET=/run/containerd-stargz-grpc/containerd-stargz-grpc.sock
@@ -126,7 +128,8 @@ function check_uncompressed_size {
 }
 
 function check_optimization {
-    local TARGET=${1}
+    local TARGET="${REGISTRY_HOST}/test/${1}"
+    local TARGET_WITH_PORT="${REGISTRY_HOST}:443/test/${1}"
 
     LOCAL_WORKING_DIR="$(mktemp -d --tmpdir=${WORKING_DIR}/)"
     nerdctl pull "${TARGET}" && nerdctl save "${TARGET}" | tar xv -C "${LOCAL_WORKING_DIR}"
@@ -151,7 +154,9 @@ function check_optimization {
         echo "Validating tarball contents of layer ${I}..."
         diff "${LOCAL_WORKING_DIR}/${I}" "${LOCAL_WORKING_DIR}/${I}-want"
     done
-    crane manifest "${TARGET}" | tee "${LOCAL_WORKING_DIR}/dist-manifest.json" && echo ""
+    # nerctl v2 stores creds info with explicit port information. We need to add port in the image name
+    # so that crane can authenticate.
+    crane manifest "${TARGET_WITH_PORT}" | tee "${LOCAL_WORKING_DIR}/dist-manifest.json" && echo ""
     INDEX=0
     for L in ${LAYERS}; do
         echo "Validating TOC JSON digest of layer ${INDEX}..."
@@ -230,7 +235,7 @@ e.txt
 EOF
 append_toc "${WORKING_DIR}/2-want"
 
-check_optimization "${OPT_IMAGE_TAG}" \
+check_optimization "${OPT_IMAGE_NAME}" \
                    "${WORKING_DIR}/0-want" \
                    "${WORKING_DIR}/1-want" \
                    "${WORKING_DIR}/2-want"
@@ -259,7 +264,7 @@ e.txt
 EOF
 append_toc "${WORKING_DIR}/2-want"
 
-check_optimization "${NOOPT_IMAGE_TAG}" \
+check_optimization "${NOOPT_IMAGE_NAME}" \
                    "${WORKING_DIR}/0-want" \
                    "${WORKING_DIR}/1-want" \
                    "${WORKING_DIR}/2-want"